Today the Taskforce on Data Protection/Ministry of ICT held a public
participation forum where stakeholders made submissions on the proposed
policy and bill.
Some golden threads in the discussions: independence of data protection
authority ; funding and how the policy will be implemented; cross border
transfers/localisation of data; access to personal data by state agencies
such as KRA; how public agencies/government controllers and processors will
be treated by the law; and how other regulators eg financial services will
interact with the framework. On process, policy makers stated that the
draft Bill will be published by the National Assembly and merged with the
Most of these issues have been discussed here in one way or another. One
interesting side discussion apart from the above was on how the law, once
enacted, could be submitted to Europe for assessment for adequacy status.
Under GDPR, adequacy status may be granted by the European Commission to
non-EEA countries who provide a level of personal data protection that is
“essentially equivalent” to that provided in European law. Morocco is one
African country that has been pursuing adequacy status.
The public participation forum continues tomorrow from 9am -1pm at the
Louis Leakey Auditorium , National Museums of Kenya.